On 2/20/20 7:35 AM, Kazim Koybasi wrote:
Hello,
We would like to give a virtual machine service to our users in our campus
so that they can create their own virtual machine and see only their own
virtual machine. I found that it is possible from command line or with root
access from Proxmox interface. Is it possible to create an environment an
give permission per user with Proxmox so that they can create and only see
their own virtual machine?
Hi,
this is not comfortably doable, for the following reasons
for creating a vm, a user has to have:
* allocate rights on the storage for the vm disks
(which will give him also rights to see/edit/destroy all other disks on
that storage)
* allocate rights on /vms/{ID} which you can create beforehand,
but there is not 'pool', iow the user has to use the assigned ids
additionally, there is no mechanism for limiting resources per user
(e.g. only some amount of cores)
also, when deleting the vm, the acls to that vm will also get removed,
meaning if you given a user the right to /vms/100 and he deletes
the vm 100, he no longer has the rights to it
finally, there is generally no concept of resource 'ownership' for
users only privileges and acls
if you can workaround/ignore/accept those issues, you should be fine,
otherwise i would suggest either using or creating a seperate
interface which handles all of that with the API[0]
(handling ownership, limiting api calls, etc)
hope this helps
regards
Dominik
0: https://pve.proxmox.com/wiki/Proxmox_VE_API
_______________________________________________
pve-user mailing list
pve-user@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
